Links

Links

• https://github.com/EdOverflow/can-i-take-over-xyz
• https://github.com/skelsec/aardwolf
• https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
• SYN cookies - Wikipedia
• https://github.com/OWASP/www-community
• https://thecontractor.io/posts/
• https://projectzero.google/
• https://words.filippo.io/csrf
• https://specterops.io/blog
• https://www.extrahop.com/blog/detect-and-stop-icmp-tunneling
• Preventing script injection attacks - PowerShell | Microsoft Learn
• PostgreSQL UDF Command Execution. Metasploit framework is the most… | by Ashish Bhangale | Pentester Academy Blog
• PostgreSQL for red teams
• r0oth3x49/ghauri: An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
• secret club | We Break Software
• Windows PrivEsc with SeBackupPrivilege | by Nairuz Abulhul | R3d Buck3T | Medium
• 🔐Blog of Osanda - Security Researching and Reverse Engineering
• Okta for Red Teamers - TrustedSec
• GitHub - diego-treitos/linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
• GitHub - 0xb11a1/yetAnotherObfuscator: C# obfuscator that bypass windows defender
• scanf Bypasses | Binary Exploitation
• TGTDeleg | Pentest Everything
• deeb blog
• GitHub - alufers/mitmproxy2swagger: Automagically reverse-engineer REST APIs via capturing traffic
• PT SWARM – Positive Technologies Offensive Team
• README - Pentester’s Promiscuous Notebook
• O.MG Field Kit - Hak5
• Active Directory Permissions Explained
• an_ace_up_the_sleeve.pdf
• AD Certificate Services: Risky Settings and Their Remediation
• unix-ninja
• Payloads All The Things
• GitHub - dobin/avred: Analyse your malware to surgically obfuscate it
• Behind the Chromium Vault: A Guide to Stealing Cookies II – Krptyk
• Exploit Notes
• GitHub - blacklanternsecurity/bbot: The recursive internet scanner for hackers. 🧡
• HackTricks - HackTricks
• threlfall_hax
• https://owasp.org/API-Security/editions/2023/en/0x10-api-security-risks/
• https://www.resecurity.com/blog
• Greg’s blog
• Cross-Site Scripting (XSS) Cheat Sheet - 2025 Edition | Web Security Academy
• CAPEC - CAPEC-137: Parameter Injection (Version 3.9)
• CAPEC - CAPEC-6: Argument Injection (Version 3.9)
• The AFL++ fuzzing framework | AFLplusplus
• RedTeam Pentesting GmbH - Seeing your network from the attacker’s perspective
• A Detailed Guide on Evil-Winrm - Hacking Articles
• JSON Web Token attacks and vulnerabilities | Invicti
• GitHub - tanc7/hacking-books
• owtf/owtf: Offensive Web Testing Framework (OWTF), is a framework which tries to unite great tools and make pen testing more efficient http://owtf.org https://twitter.com/owtfp
• Unicode Injection - HackTricks
• CAPEC - CAPEC-111: JSON Hijacking (aka JavaScript Hijacking) (Version 3.9)
• GitHub - GamehunterKaan/AutoPWN-Suite: AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.
• GitHub - HackTricks-wiki/hacktricks: Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
• GitHub - Mayter/mssql-command-tool: xp_cmdshell与sp_oacreate执行命令回显和clr加载程序集执行相应操作，上传，job等相应操作。
• offsec.tools - A vast collection of security tools
• https://ssdeep-project.github.io/ssdeep/index.html
• Ansible Playbook Privilege Escalation | Linux Privilege Escalation
• https://theevilbit.github.io/posts/
• https://aff-wg.org/2025/12/01/tradecraft-orchestration-in-the-garden/
• https://aff-wg.org/2025/10/27/tradecraft-gardens-pic-parterre/
• https://alexschapiro.com/security/vulnerability/2025/11/20/avelo-airline-reservation-api-vulnerability
• https://github.com/trustedsec/COFFLoader
• https://rnsaffn.com/poison3/
• https://log.rosecurify.com/
• https://frida.re/
• https://www.invicti.com/learn-categories/vulnerabilities
• https://gracker.ai/cybersecurity-tools/category/network-cloud/cloud-security
• https://cybersectools.com/